Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp2654030ybi; Thu, 18 Jul 2019 11:55:00 -0700 (PDT) X-Google-Smtp-Source: APXvYqzY6hvQGQh7z4MmKZWCri6p0kE6LKOg3pEuerMGVoYmyWUMijUPsNW0a4chVtK3I8ihII4g X-Received: by 2002:a65:5584:: with SMTP id j4mr19039350pgs.258.1563476099884; Thu, 18 Jul 2019 11:54:59 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1563476099; cv=none; d=google.com; s=arc-20160816; b=xB9HpLoyUeeCNFx0KsjKG+gqyIg8ScabRNo4BAVhtgMTiNnxwWP7WMwj6Sj/6QljlN pd1oBvYBIkL28i+9rIzfHONULWMPBPMJytzAjp5UI9/A7H2la5GTB4dRenRf/NDMj/ft iCXZZxOO2PPuFTKKjv7bhskkAcr7uChozyd7mDAxVQGOjeclLgQZzfsls3mv2/5ZYLy7 z+I/t5bURtQ8m3bYFhCT+vrIcaAuqinhh1Xx6op4/eGQckfjJ7/Mz+Lrtb1Nw9dQCbcl Y7SeCFmD97+KigRfRzTfCAjuCQaOd/uxfIyaxkvofW1f94r29RTurHKeM+R+iFrSn7Dl K/GA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-transfer-encoding:content-disposition:mime-version :references:mail-followup-to:message-id:subject:cc:to:from:date :dkim-signature; bh=/b7ti5XlchOdaQKK/m+f1BmRLsvnJhYgJOFAClHTMfg=; b=H2vvpL22xI+Jqy9KDOnEkrUuNB8w4jTCIeR+4yblZSdXXl5zEq+MUtJG2oiALVYJwk mKqAzv6dlUX7ADs/fYIhMKrdFEpadX601qMQs2GsPBxE4QxC+0KW+0NCSC0913PFc+Db yusZdIJ9O8vOfThUOx3wEfjXeOkVDmeIcf1n+bPHANocnQQGPiQ3UtmV57lCy8Tzdsq2 AYKKRn8KAmlbRPUIWbO8/3s7dOGTZB9y43jQiGgMdT4xaW0r8a4QhDZGxwALmHLijA1X vl58MXBossgThgHsXHANL4sC+W2Owkn0WaHLnVM+2QS+KrWM+VFbAGlgnCavlUF97b5O Dp5Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@silvair-com.20150623.gappssmtp.com header.s=20150623 header.b=sx7L4Zh2; spf=pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a25si375204pfk.201.2019.07.18.11.54.29; Thu, 18 Jul 2019 11:54:59 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@silvair-com.20150623.gappssmtp.com header.s=20150623 header.b=sx7L4Zh2; spf=pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726715AbfGRSyP (ORCPT + 99 others); Thu, 18 Jul 2019 14:54:15 -0400 Received: from mail-lf1-f66.google.com ([209.85.167.66]:46517 "EHLO mail-lf1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726649AbfGRSyP (ORCPT ); Thu, 18 Jul 2019 14:54:15 -0400 Received: by mail-lf1-f66.google.com with SMTP id z15so15680529lfh.13 for ; Thu, 18 Jul 2019 11:54:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=silvair-com.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:mail-followup-to:references :mime-version:content-disposition:content-transfer-encoding :in-reply-to:user-agent; bh=/b7ti5XlchOdaQKK/m+f1BmRLsvnJhYgJOFAClHTMfg=; b=sx7L4Zh2mIpULRqfkd0shDY1huy9ZC1SXTH/3ConmmKcsuvpbK9lkiNFNasFqeULpx 65MYj6cOUhthVJieUtdZ/GP9bEk55HuLOhjWL6HmCdHT5eo4mUcSp/SCjzHQ9bDAh+JI q1yWf1shz2884XHzfBtXKzP5sAsX6OTEk1R6DorxtD/VGgNYmaPq1A4bEt0UvQ07pdpt TOJlKd6DmkdZ+BkU8M+01/T2J212/pFdwNYGPiDeNIoH+pnix5eB9DEV2GSJSLQSGnOz F2thFPLm8kPYXVt+WfP3zpq45hUicqokawI1Wk2b3/gkb6pz7WcT554nVeUyG+MBbmOy oOcA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id :mail-followup-to:references:mime-version:content-disposition :content-transfer-encoding:in-reply-to:user-agent; bh=/b7ti5XlchOdaQKK/m+f1BmRLsvnJhYgJOFAClHTMfg=; b=F1h4lF21Lr7te2UHvuGYOvd2lztVdVR7ZPEEjaYXPYKNtH0ZeD6IkZ8w+u2vp4W5IT 7H9gpjB8JbYgZj+BXc3xityszYmrxcnFCIZKk8t0eUUfrCatJIGIA3mF8XUpX2e7/zr8 6YN33yhUdWPQ+/kHpkpHhNMwejwTu4mLcK35W8KT1GErwtbHVWcerc/WtG+Xa5aIOirD nMRAYpkg7Z4CxUGRGXh+mbUUH4LQm0Y6pvA9rXZPCFVa4PflAV2doQr96hnzy70CilYa 1AhppmgW1rCvtwG2IwXp9221NvP2cGqSueGGWjypUyWmbHdyQZMdVQgSlzPi8y+Wt+2k xGPA== X-Gm-Message-State: APjAAAVzWlP+7TUFa+9ozg/l5PskXjVth4pdjIl5PVe/RYX/7PR7PWNf 9srjXTHNpLh8EK9vgcEOG29xDw== X-Received: by 2002:ac2:50c4:: with SMTP id h4mr20478318lfm.104.1563476052676; Thu, 18 Jul 2019 11:54:12 -0700 (PDT) Received: from kynes (apn-77-112-37-101.dynamic.gprs.plus.pl. [77.112.37.101]) by smtp.gmail.com with ESMTPSA id a15sm4091617lfl.44.2019.07.18.11.54.11 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Thu, 18 Jul 2019 11:54:11 -0700 (PDT) Date: Thu, 18 Jul 2019 20:54:09 +0200 From: Michal Lowas-Rzechonek To: "Gix, Brian" Cc: "Stotland, Inga" , "linux-bluetooth@vger.kernel.org" Subject: Re: [PATCH BlueZ] mesh: Init keyring storage directory on node Attach() Message-ID: <20190718185409.3pqtjqwnahlus2k5@kynes> Mail-Followup-To: "Gix, Brian" , "Stotland, Inga" , "linux-bluetooth@vger.kernel.org" References: <20190718040126.5152-1-inga.stotland@intel.com> <20190718085923.4ljvk3t3avqdh24d@mlowasrzechonek2133> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: User-Agent: NeoMutt/20180716 Sender: linux-bluetooth-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org Brian, On 07/18, Gix, Brian wrote: > There are no use case allowed in the specification that allows any > Config Client except an authorized Provisioner to communicate with a > Config Server (even the local Config Server)... Any changes to a > nodes configuration states should be tracked by provisioners in a > master database, and this is not really possible if any node is > allowed to change it's own CFG Server states. OTOH, there is nothing in the spec that forbids it. For example, it's perfectly legal to create a vendor model that extends Config Server and adds a few additional opcodes that affect Config Server states. Another example is multiple Configuration Clients - the spec only says that synchronizing Provisioners is implementation specific, and it's not Provisioners who talk to Config Servers - it's a Configuration Client, a different role. And sychronizing Configuration Clients is not even mentioned. Also, for Device Keys, the spec says they are "known by nodes". Splitting the node into a "daemon" and an "application" is a bluez-specific architectural decision that has nothing to do with the standard. While I appreciate there are reasons to implement the stack in this manner, I am very much against adding arbitrary restrictions on the things one can do with such a stack. One of these restrictions is denying access to keys. This is fine, but the application needs to be able to use these keys *as if it knew them*. For example, it should be possible to implement an application-side server model that uses DevKey security. At the moment this is not doable, because there is no API to send a message encrypted with *local* device key. regards -- Michał Lowas-Rzechonek Silvair http://silvair.com Jasnogórska 44, 31-358 Krakow, POLAND